OAuth 2.0 Tutorial - OAuth 2.0 Architecture
What is Architecture in OAuth 2.0?
- First, the resource server (the web app) delegates the responsibility for authorization to the authorization server (STS).
- Second, the resource owner (the user) accesses the service in the web app, which has been registered with the authorization server and provided with a client ID and client password (client secret).
- Third, the user authenticates to the authorization server (STS) and grants it authorization for the requested access.
- Fourth, the authorization server issues the access token; the token is what is kept secure and handed to the web app in place of the user's username and password, and this completes the authorization process.
- Fifth, the user accesses the protected resources in the resource server.
[Figure: process of the OAuth 2.0 architecture]
OAuth 2.0 Concepts
The table below explains some of the concepts of OAuth 2.0:
| S.No. | Concept & Description |
|---|---|
| 1 | **OAuth**: OAuth provides the terminology needed to understand the concepts of authorization. |
| 2 | **Web Server**: The web server delivers the web pages and uses HTTP to serve the files that form the web pages to the users. |
| 3 | **User Agent**: The user agent application is used by client applications on the user's device and acts as the scripting language instance. |
| 4 | **Native Application**: A native application can be used as an instance of a desktop or mobile phone application, which uses the resource owner password credentials. |
| 5 | **Client**: The OAuth client can make protected resource requests on behalf of the resource owner after the resource owner grants it authorization. OAuth 2.0 introduces two types of clients: confidential and public. Confidential clients are registered with a client secret, while public clients are not. |
| 6 | **Access Token**: This string represents specific scopes and durations of access. It is granted by the resource owner and enforced by the OAuth server. |
| 7 | **Protected Resource**: A restricted resource that can be accessed from the OAuth server using authenticated requests. |
| 8 | **Authorization Grant**: A grant that represents the resource owner's authorization to access its protected resources. There are four authorization grant types: authorization code, implicit, resource owner password credentials, and client credentials. |
| 9 | **Authorization Code**: A code that the authorization server generates when the resource owner authorizes a request. |
| 10 | **Refresh Token**: A string that is used to obtain a new access token. A refresh token is optionally issued by the authorization server to the OAuth client together with an access token. The OAuth client can use the refresh token to request another access token that is based on the same authorization, without involving the resource owner again. |
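The five architecture steps listed above and the concepts in this table (confidential versus public client, authorization code, access token with scope, protected resource, refresh token) can be seen together in one small simulation. The code below is an added example written for this page, not code from the original tutorial or from any OAuth library: the `AuthorizationServer` and `ResourceServer` classes, the client named `webapp`, the `example.test` URLs, the `profile:read` scope and the client secret are all constructed for illustration. It keeps everything in memory and skips HTTP, but the checks it performs at each step (registered redirect URI, client authentication before the code is consumed, single-use codes, scope enforcement at the resource server, refresh without the user, refresh token rotation) are the ones a real authorization server and resource server make.

```python
# Added example, not code from the original tutorial: an in-memory simulation of the
# OAuth 2.0 authorization code flow; "webapp", the example.test URLs and the secret are constructed.
import secrets
import time
from dataclasses import dataclass
from typing import Optional

@dataclass
class Client:
    client_id: str
    client_secret: Optional[str]   # None marks a public client (no secret registered)
    redirect_uri: str

@dataclass
class Token:
    subject: str      # the resource owner the token acts for
    scope: set        # what the owner granted; enforced by the resource server
    expires_at: float

class AuthorizationServer:
    """The STS: authenticates the user, records the grant, issues tokens."""
    def __init__(self, clients, access_ttl: int = 3600):
        self.clients = {c.client_id: c for c in clients}
        self.codes, self.access_tokens, self.refresh_tokens = {}, {}, {}
        self.access_ttl = access_ttl
    def authorize(self, client_id: str, redirect_uri: str, user: str, scope: set) -> str:
        """Step 3: the authenticated user grants access; a short-lived single-use code
        is sent to the registered redirect URI, so the password never reaches the client."""
        client = self.clients.get(client_id)
        if client is None or client.redirect_uri != redirect_uri:
            raise PermissionError("unknown client or redirect_uri mismatch")
        code = secrets.token_urlsafe(32)
        self.codes[code] = {"client_id": client_id, "user": user, "scope": set(scope),
                            "expires_at": time.time() + 60}
        return code
    def token(self, client_id: str, client_secret: Optional[str], code: str) -> dict:
        """Step 4: redeem the grant for an access token; pop() makes a replayed code fail."""
        client = self._authenticate_client(client_id, client_secret)
        grant = self.codes.pop(code, None)
        if grant is None or grant["client_id"] != client.client_id or grant["expires_at"] < time.time():
            raise PermissionError("invalid, replayed or expired authorization code")
        return self._issue(grant["user"], grant["scope"], client.client_id)
    def refresh(self, client_id: str, client_secret: Optional[str], refresh_token: str) -> dict:
        """New access token from a refresh token, without involving the user again."""
        client = self._authenticate_client(client_id, client_secret)
        saved = self.refresh_tokens.pop(refresh_token, None)   # rotated: the old one is spent
        if saved is None or saved["client_id"] != client.client_id:
            raise PermissionError("invalid refresh token")
        return self._issue(saved["user"], saved["scope"], client.client_id)
    def introspect(self, access_token: str) -> Optional[Token]:
        tok = self.access_tokens.get(access_token)   # the resource server validates via the STS
        return tok if tok and tok.expires_at > time.time() else None
    def _authenticate_client(self, client_id: str, client_secret: Optional[str]) -> Client:
        client = self.clients.get(client_id)
        if client is None:
            raise PermissionError("unknown client")
        if client.client_secret is not None and not secrets.compare_digest(
                client.client_secret, client_secret or ""):
            raise PermissionError("client authentication failed")   # confidential client only
        return client
    def _issue(self, user: str, scope: set, client_id: str) -> dict:
        access, refresh = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
        self.access_tokens[access] = Token(user, scope, time.time() + self.access_ttl)
        self.refresh_tokens[refresh] = {"user": user, "scope": scope, "client_id": client_id}
        return {"access_token": access, "token_type": "Bearer", "refresh_token": refresh}

class ResourceServer:
    """Step 5: serves the protected resource; trusts the STS to validate tokens."""
    def __init__(self, sts: AuthorizationServer):
        self.sts = sts
        self.profiles = {"alice": {"name": "Alice"}}   # constructed protected resource
    def get_profile(self, authorization_header: str) -> dict:
        scheme, _, token = authorization_header.partition(" ")
        tok = self.sts.introspect(token) if scheme == "Bearer" else None
        if tok is None:
            raise PermissionError("401 invalid_token")
        if "profile:read" not in tok.scope:
            raise PermissionError("403 insufficient_scope")
        return self.profiles[tok.subject]

def rejected(action) -> bool:
    try:
        action()
        return False
    except PermissionError:
        return True

def run_flow() -> dict:
    """Walk the five steps end to end and record the outcome of each check."""
    sts = AuthorizationServer([Client("webapp", "constructed-secret", "https://app.example.test/cb")])
    api = ResourceServer(sts)
    # Steps 2-3: 'alice' authenticates at the STS and consents to 'profile:read'.
    code = sts.authorize("webapp", "https://app.example.test/cb", "alice", {"profile:read"})
    # Step 4: a wrong secret is refused before the code is consumed; a replay is refused after.
    bad_secret = rejected(lambda: sts.token("webapp", "wrong-secret", code))
    tokens = sts.token("webapp", "constructed-secret", code)
    replay = rejected(lambda: sts.token("webapp", "constructed-secret", code))
    # Step 5: the bearer token unlocks the resource; a later refresh needs no user action.
    profile = api.get_profile("Bearer " + tokens["access_token"])
    renewed = sts.refresh("webapp", "constructed-secret", tokens["refresh_token"])
    return {"profile": profile, "bad_secret_rejected": bad_secret, "replay_rejected": replay,
            "renewed_profile": api.get_profile("Bearer " + renewed["access_token"])}
```

Running `run_flow()` returns the profile fetched with the first access token, confirms that a wrong client secret and a replayed code are both refused, and shows the refreshed token reaching the same resource without the user being involved. A public client is modelled by registering a `Client` with `client_secret=None`, in which case the secret check in `_authenticate_client` is skipped, which is exactly why public clients get no secret-based protection and rely on the redirect URI check instead.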